Threat Intelligence Blog

Weekly Threat Intelligence Brief: September 20, 2016

Posted September 20, 2016

Insurance/Healthcare

“The New York State Department of Financial Services (DFS) has proposed cybersecurity regulation for financial services companies that aims to protect New York state’s financial services industry from an increasing risk of cyber attacks, Governor Andrew Cuomo announced.

The proposed regulation is the first of its kind in the U.S. It requires banks, insurance companies and other financial services institutions that are regulated by the Department of Financial Services (DFS) to establish and maintain a cybersecurity program designed to protect consumers and ensure safety within New York’s financial services industry, according to a DFS press release.”

Legal

“The Department of Homeland Security will not classify election systems as critical infrastructure before the November presidential election, DHS Assistant Secretary for Cybersecurity Andy Ozment said at the Billington Cybersecurity Summit Tuesday.

“This is not something we’re looking to in the near future. This is a conversation we’re having in the long term with state and local government, who are responsible for voting infrastructure,” said Ozment, a former senior director for cybersecurity on the National Security Council. “We’re focused right now on what we can usefully offer that local and state government will find valuable.””

Law Enforcement

“The FBI can no longer hack a suspect’s computer to infect it with spying malware without a warrant, a federal judge in Texas ruled.

Following the child pornography case involving Jeffrey Torres’ activity on dark web child porn site Playpen, US District Judge David Ezra has ruled that secretly collecting information from a computer is still a search under the Fourth Amendment, thus requiring a warrant.

“The Network Investigative Technique (NIT) placed code on Mr Torres’ computer without his permission, causing it to transmit his IP address and other identifying data to the government. That Mr Torres did not have a reasonable expectation of privacy in his IP address is of no import. This was unquestionably a ‘search’ for Fourth Amendment purposes.””

Defense

“Hackers are claiming to have accounts at major United States government agencies for sale, including NASA, the Navy, and the Department of Veteran Affairs.

The unverified cache found by Infoarmor chief intelligence officer Andrew Komarov includes 33,000 records tied to the US Government, plus research and educational organisations and universities.

Agencies on the list include the US General Services Administration, National Parks Service, and the Federal Aviation Administration. One government data listing visited by The Register promised alleged access to six unnamed accounts for subdomains of the US Navy including 3.5 bitcoins (US$2132).”